An authentication bypass vulnerability has been discovered in the server-side state machine of libssh versions prior to 0.7.6 and 0.8.4. By sending the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message that the server expects to initiate authentication, an attacker could successfully authenticate without any credentials, resulting in unauthorized access.
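The class of flaw described above, modelled in simplified form as an added example (not libssh's code and not part of the advisory): it assumes one message dispatcher shared by the client and server roles, and shows a role-aware filter that rejects SSH2_MSG_USERAUTH_SUCCESS when it arrives at a server. The struct, the function names and the demo credentials are hypothetical; the message numbers are those of RFC 4252.

```c
#include <stdint.h>
#include <string.h>

/* Message numbers from RFC 4252. */
enum { USERAUTH_REQUEST = 50, USERAUTH_FAILURE = 51, USERAUTH_SUCCESS = 52 };
enum role { ROLE_CLIENT, ROLE_SERVER };

/* Hypothetical, simplified session; not libssh's own structure. */
struct session { enum role role; int authenticated; };

/* Constructed demo credential check standing in for the server's real one. */
static int verify_demo(const char *user, const char *secret)
{
    return strcmp(user, "demo") == 0 && strcmp(secret, "constructed-secret") == 0;
}

/* Assumed design: one dispatcher for both roles. The SUCCESS handler exists
 * for clients, which learn the authentication result from the server. */
static void dispatch(struct session *s, uint8_t type, const char *user, const char *secret)
{
    if (type == USERAUTH_REQUEST && verify_demo(user, secret))
        s->authenticated = 1;
    else if (type == USERAUTH_SUCCESS)
        s->authenticated = 1;   /* trusts the peer: only safe on a client */
}

/* Role-aware filter: 1 if the peer may send this type in this state. */
static int packet_allowed(const struct session *s, uint8_t type)
{
    if (s->authenticated)
        return 0;               /* this model rejects userauth messages after success */
    switch (type) {
    case USERAUTH_REQUEST: return s->role == ROLE_SERVER;
    case USERAUTH_SUCCESS:
    case USERAUTH_FAILURE: return s->role == ROLE_CLIENT;
    default:               return 0;
    }
}

/* Hardened entry point: 0 if the message was handled, -1 if rejected. */
static int receive_filtered(struct session *s, uint8_t type, const char *user, const char *secret)
{
    if (!packet_allowed(s, type))
        return -1;
    dispatch(s, type, user, secret);
    return 0;
}
```

Calling dispatch() directly on a ROLE_SERVER session reproduces the bypass in the model; routing every incoming message through receive_filtered() leaves the session unauthenticated until a USERAUTH_REQUEST passes the credential check.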
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
https://git.libssh.org/projects/libssh.git/commit/?id=2bddafeb709eacc80ad31fec40479f9b628a8bd7
https://git.libssh.org/projects/libssh.git/commit/?id=825f4ba96407abe8cebb046a7503fa2bf5de9df6
https://git.libssh.org/projects/libssh.git/commit/?id=20981bf2296202e95d7919394d4610ae3a876cfa
https://git.libssh.org/projects/libssh.git/commit/?id=5d7414467d6dac100a93df761b06de5cd07fc69a
https://git.libssh.org/projects/libssh.git/commit/?id=459868c4a57d2d11cf7835655a8d1a5cf034ccb4
https://git.libssh.org/projects/libssh.git/commit/?id=68b0c7a93448123cc0d6a04d3df40d92a3fd0a67
https://git.libssh.org/projects/libssh.git/commit/?id=75be012b4a14f4550ce6ad3f126e559f44dbde76
https://git.libssh.org/projects/libssh.git/commit/?id=e1548a71bdac73da084174ab1d6d2713edd93f6e